
chore: Upgrade ESLint and fix lint errors
nzakas committed Mar 25, 2022
1 parent 2a3797f commit 1258118
Showing 15 changed files with 1,257 additions and 1,759 deletions.
2,373 changes: 922 additions & 1,451 deletions package-lock.json


3 changes: 2 additions & 1 deletion package.json
Expand Up @@ -7,6 +7,7 @@
"changelog": "changelog eslint-plugin-security all > CHANGELOG.md",
"test": "npx mocha test/**/*",
"lint": "npx eslint .",
"lint:fix": "npx eslint --fix .",
"cont-int": "npm test && npm run-script lint"
},
"repository": {
Expand All @@ -29,7 +30,7 @@
},
"devDependencies": {
"changelog": "1.3.0",
"eslint": "^2.10.1",
"eslint": "^8.11.0",
"eslint-config-nodesecurity": "^1.3.1",
"mocha": "^9.2.2"
}
102 changes: 51 additions & 51 deletions rules/detect-buffer-noassert.js
@@ -1,69 +1,69 @@
/**
* Tries to detect buffer read / write calls that use noAssert set to true
* @author Adam Baldwin
* @author Adam Baldwin
*/

'use strict';

//------------------------------------------------------------------------------
// Rule Definition
//------------------------------------------------------------------------------

var names = [];
const names = [];

module.exports = function(context) {

"use strict";
const read = [
'readUInt8',
'readUInt16LE',
'readUInt16BE',
'readUInt32LE',
'readUInt32BE',
'readInt8',
'readInt16LE',
'readInt16BE',
'readInt32LE',
'readInt32BE',
'readFloatLE',
'readFloatBE',
'readDoubleL',
'readDoubleBE'
];

var read = [
"readUInt8",
"readUInt16LE",
"readUInt16BE",
"readUInt32LE",
"readUInt32BE",
"readInt8",
"readInt16LE",
"readInt16BE",
"readInt32LE",
"readInt32BE",
"readFloatLE",
"readFloatBE",
"readDoubleL",
"readDoubleBE"
];
const write = [
'writeUInt8',
'writeUInt16LE',
'writeUInt16BE',
'writeUInt32LE',
'writeUInt32BE',
'writeInt8',
'writeInt16LE',
'writeInt16BE',
'writeInt32LE',
'writeInt32BE',
'writeFloatLE',
'writeFloatBE',
'writeDoubleLE',
'writeDoubleBE'
];

var write = [
"writeUInt8",
"writeUInt16LE",
"writeUInt16BE",
"writeUInt32LE",
"writeUInt32BE",
"writeInt8",
"writeInt16LE",
"writeInt16BE",
"writeInt32LE",
"writeInt32BE",
"writeFloatLE",
"writeFloatBE",
"writeDoubleLE",
"writeDoubleBE"
];
return {
'MemberExpression': function (node) {
let index;
if (read.indexOf(node.property.name) !== -1) {
index = 1;
}
else if (write.indexOf(node.property.name) !== -1) {
index = 2;
}

return {
"MemberExpression": function (node) {
var index;
if (read.indexOf(node.property.name) !== -1) {
index = 1;
} else if (write.indexOf(node.property.name) !== -1) {
index = 2;
}
if (index && node.parent && node.parent.arguments && node.parent.arguments[index] && node.parent.arguments[index].value) {
const token = context.getTokens(node)[0];
return context.report(node, `Found Buffer.${ node.property.name } with noAssert flag set true`);

if (index && node.parent && node.parent.arguments && node.parent.arguments[index] && node.parent.arguments[index].value) {
var token = context.getTokens(node)[0];
return context.report(node, 'Found Buffer.' + node.property.name + ' with noAssert flag set true');

}
}
}
}

};
};

};
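Review bot: The rewritten `read` list still contains `'readDoubleL'` (the entry just before `'readDoubleBE'`), which is not a Buffer method, so a `readDoubleLE(offset, true)` call is never reported while every other LE/BE pair is; it should read `'readDoubleLE'`. The module-level `const names = [];` and the `const token = context.getTokens(node)[0];` inside the handler are assigned and never read in this file; the same unused `token` constant appears in both handlers of rules/detect-child-process.js and as `nodeType` in rules/detect-no-csrf-before-method-override.js, so enabling `no-unused-vars` in this lint upgrade would catch all of them. As far as I recall, the function-style rule export and the two-argument `context.report(node, message)` form used in all six rule files still run on ESLint 8 but are deprecated in favor of a `meta`/`create` object and `context.report({ node, message })`, which is worth tracking before the next ESLint major.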

53 changes: 27 additions & 26 deletions rules/detect-child-process.js
Expand Up @@ -3,40 +3,41 @@
* @author Adam Baldwin
*/

'use strict';

//------------------------------------------------------------------------------
// Rule Definition
//------------------------------------------------------------------------------

var names = [];
const names = [];

module.exports = function(context) {

"use strict";

return {
"CallExpression": function (node) {
var token = context.getTokens(node)[0];
if (node.callee.name === 'require') {
var args = node.arguments[0];
if (args && args.type === 'Literal' && args.value === 'child_process') {
if (node.parent.type === 'VariableDeclarator') {
names.push(node.parent.id.name);
} else if (node.parent.type === 'AssignmentExpression' && node.parent.operator === '=') {
names.push(node.parent.left.name);
}
return context.report(node, 'Found require("child_process")');
}
}
},
"MemberExpression": function (node) {
var token = context.getTokens(node)[0];
if (node.property.name === 'exec' && names.indexOf(node.object.name) > -1) {
if (node.parent && node.parent.arguments && node.parent.arguments[0].type !== 'Literal') {
return context.report(node, 'Found child_process.exec() with non Literal first argument');
}
}
return {
'CallExpression': function (node) {
const token = context.getTokens(node)[0];
if (node.callee.name === 'require') {
const args = node.arguments[0];
if (args && args.type === 'Literal' && args.value === 'child_process') {
if (node.parent.type === 'VariableDeclarator') {
names.push(node.parent.id.name);
}
else if (node.parent.type === 'AssignmentExpression' && node.parent.operator === '=') {
names.push(node.parent.left.name);
}
return context.report(node, 'Found require("child_process")');
}
}
},
'MemberExpression': function (node) {
const token = context.getTokens(node)[0];
if (node.property.name === 'exec' && names.indexOf(node.object.name) > -1) {
if (node.parent && node.parent.arguments && node.parent.arguments[0].type !== 'Literal') {
return context.report(node, 'Found child_process.exec() with non Literal first argument');
}
}
}

};
};

};
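Review bot: `names` is declared at module scope, so identifiers bound to `require('child_process')` in one linted file remain in the list while later files in the same process are checked, and whether `exec` on that name is reported then depends on file order; moving `const names = [];` inside the exported function gives each rule instance its own list, as `csrf` already does in rules/detect-no-csrf-before-method-override.js. In the `MemberExpression` handler, `node.parent.arguments[0].type` throws a TypeError when `exec()` is called with no arguments because `arguments[0]` is `undefined`; guarding it as `node.parent.arguments[0] && node.parent.arguments[0].type !== 'Literal'` keeps the rule from aborting the lint of that file. It would also help to state in the header comment that only `const x = require('child_process')` and `x = require('child_process')` bindings are tracked, since the `VariableDeclarator`/`AssignmentExpression` checks cover nothing else.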
26 changes: 14 additions & 12 deletions rules/detect-disable-mustache-escape.js
@@ -1,18 +1,20 @@

'use strict';

module.exports = function(context) {

"use strict";
return {
"AssignmentExpression": function(node) {
if (node.operator === '=') {
if (node.left.property) {
if (node.left.property.name == 'escapeMarkup') {
if (node.right.value == false) {
context.report(node, 'Markup escaping disabled.')
}
}
}
return {
'AssignmentExpression': function(node) {
if (node.operator === '=') {
if (node.left.property) {
if (node.left.property.name === 'escapeMarkup') {
if (node.right.value === false) {
context.report(node, 'Markup escaping disabled.');
}
}
}
}
}
};

}
};
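Review bot: The four nested `if`s in the `AssignmentExpression` handler can collapse into one guard, `if (node.operator === '=' && node.left.property && node.left.property.name === 'escapeMarkup' && node.right.value === false) {`, which reads the same and is easier to extend. Switching the comparison to `===` means an assignment such as `escapeMarkup = 0`, which `==` previously reported, is no longer reported; if that is the intended contract, a header comment saying the rule only flags a literal `false` would make it explicit for the next reader. The file also now opens with a blank line before `'use strict';`, unlike the other rewritten rules.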
18 changes: 9 additions & 9 deletions rules/detect-eval-with-expression.js
Expand Up @@ -3,19 +3,19 @@
* @author Adam Baldwin
*/

'use strict';

//------------------------------------------------------------------------------
// Rule Definition
//------------------------------------------------------------------------------

module.exports = function(context) {

"use strict";

return {
"CallExpression": function(node) {
if (node.callee.name === "eval" && node.arguments[0].type !== 'Literal') {
context.report(node, "eval with argument of type " + node.arguments[0].type);
}
}
};
return {
'CallExpression': function(node) {
if (node.callee.name === 'eval' && node.arguments[0].type !== 'Literal') {
context.report(node, `eval with argument of type ${ node.arguments[0].type}`);
}
}
};
};
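Review bot: `node.arguments[0].type` in the `CallExpression` handler throws a TypeError on a bare `eval()` call with no arguments, which aborts linting of that file instead of reporting it; guard it as `if (node.callee.name === 'eval' && node.arguments[0] && node.arguments[0].type !== 'Literal') {`, matching the `node.arguments[0] &&` check rules/detect-new-buffer.js already has. The template literal `${ node.arguments[0].type}` has a space after `${` but none before `}`; either `${node.arguments[0].type}` or spaces on both sides as in rules/detect-buffer-noassert.js would be consistent.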
26 changes: 14 additions & 12 deletions rules/detect-new-buffer.js
@@ -1,19 +1,21 @@
'use strict';


module.exports = function (context) {
// Detects instances of new Buffer(argument)
// where argument is any non literal value.
return {
"NewExpression": function (node) {
if (node.callee.name === 'Buffer' &&
// Detects instances of new Buffer(argument)
// where argument is any non literal value.
return {
'NewExpression': function (node) {
if (node.callee.name === 'Buffer' &&
node.arguments[0] &&
node.arguments[0].type != 'Literal') {

return context.report(node, "Found new Buffer");
}
node.arguments[0].type !== 'Literal') {

return context.report(node, 'Found new Buffer');
}


}
};

}
}
};

};
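Review bot: The `NewExpression` handler keeps two blank lines inside the `if` body after `node.arguments[0].type !== 'Literal') {` and two more between the closing `}` of the `if` and the end of the handler; dropping them would match the other rewritten rules. The explanatory comment `// Detects instances of new Buffer(argument) where argument is any non literal value.` belongs at the top of the file as the `@author`-style header the other rules carry, and could add that only a callee named exactly `Buffer` is matched by `node.callee.name === 'Buffer'`, so references through a member expression are not reported.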
48 changes: 24 additions & 24 deletions rules/detect-no-csrf-before-method-override.js
Expand Up @@ -3,37 +3,37 @@
* @author Adam Baldwin
*/

'use strict';

//------------------------------------------------------------------------------
// Rule Definition
//------------------------------------------------------------------------------


module.exports = function(context) {

"use strict";
var csrf = false;

return {
"CallExpression": function(node) {
var token = context.getTokens(node)[0],
nodeType = token.type,
nodeValue = token.value;

if (nodeValue === "express") {
if (!node.callee || !node.callee.property) {
return;
}

if (node.callee.property.name === "methodOverride" && csrf) {
context.report(node, "express.csrf() middleware found before express.methodOverride()");
}
if (node.callee.property.name === "csrf") {
// Keep track of found CSRF
csrf = true;
}
}
let csrf = false;

return {
'CallExpression': function(node) {
const token = context.getTokens(node)[0];
const nodeType = token.type;
const nodeValue = token.value;

if (nodeValue === 'express') {
if (!node.callee || !node.callee.property) {
return;
}
};

};
if (node.callee.property.name === 'methodOverride' && csrf) {
context.report(node, 'express.csrf() middleware found before express.methodOverride()');
}
if (node.callee.property.name === 'csrf') {
// Keep track of found CSRF
csrf = true;
}
}
}
};

};
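Review bot: The three constants at the top of the `CallExpression` handler can be one destructuring, `const { value: nodeValue } = context.getTokens(node)[0];`, since only `nodeValue` is read afterwards. The flag name `csrf` reads as if it held the middleware; `csrfSeen` or `sawCsrf` would say what the `// Keep track of found CSRF` comment currently has to explain. The `nodeValue === 'express'` check relies on the first token of the call being the identifier `express`, so a one-line comment noting that `app.use(express.csrf())` is matched through that first token would help a reader who expects a callee check.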
